<?php
$xtpl_main -> assign("page_title", "Buy now");
//--
$resultBuynow = mysql_query("SELECT * FROM movie WHERE 1");
$rowBuynow = mysql_fetch_array($resultBuynow);
$xtpl -> assign('buynow', $rowBuynow);
if (isset($_POST['frmAct']) && $_POST['frmAct'] == 'doBuynow') {
	$resultCheckBuynow = mysql_query("SELECT member_password FROM member WHERE member_password = '" . md5($_POST['information_password']) . "'");
	if (mysql_num_rows($resultCheckBuynow) > 0) {
		mysql_query("INSERT INTO control (movie_name, movie_price ) 
			VALUES ('" . addslashes($_POST['movie_name']) . "', '" . addslashes($_POST['movie_price']) . "')");

		header("Location: ?mod=member&act=control");
	} else {
		$xtpl -> parse('center.False');
	}
}
?>